SYDNEY (Reuters): Russia-based hackers were behind the cyberattack on insurer Medibank Private Ltd, which compromised the details of just under 10 million current and former customers, Australian Federal Police said on Friday.
Australian Federal Police (AFP) Commissioner Reece Kershaw blamed a loosely-affiliated group of cyber criminals likely responsible for other big breaches around the world for the attack on Medibank.
Kershaw said the AFP knows which individuals are responsible but will not be naming them at this moment.
“To the criminals, we know who you are and moreover, the AFP has some significant runs on the scoreboard when it comes to bringing overseas offenders back to Australia to face the justice system,” he said at a short news conference on Friday.
Kershaw said the AFP will be holding talks with Russian law enforcement about the individuals.
Russia’s embassy did not immediately respond to questions asking whether it had been in communication with the Australian government over the hack.
Medibank, which is Australia’s biggest health insurer, said on Wednesday the hacker could release more stolen data after the company refused to make ransom payments.
“We expect the criminal to continue to release files on the dark web,” it added.
Prime Minister Anthony Albanese said his government was working with investigators on the cyber hack, the latest in a string of data breaches which have rocked corporate Australia.
“This is really tough for people. I’m a Medibank private customer as well, and it will be of concern that some of this information has been put out there,” Albanese said during a media briefing.
It was not immediately clear whether the hacker has access to the prime minister’s medical or personal details.
Data of around 9.7 million current and former customers were compromised, Medibank has said.